windows 免杀远控
Cobalt Strike
信息收集
C段
https://phpinfo.me/bing.php
公司ip段
http://bgp.he.net
同ip反查
http://i.links.cn/sameip/61.164.241.103.html
http://s.tool.chinaz.com/same
http://www.114best.com/ip/114.aspx
https://www.yougetsignal.com/tools/web-sites-on-web-server/
http://tool.114la.com/sameip/
http://www.sameip.org/
Transparency Monitoring
https://developers.facebook.com/tools/ct/
https://transparencyreport.google.com/https/certificates
passive dns
https://www.circl.lu/services/passive-dns/
https://www.passivetotal.org/
https://www.virustotal.com/fr/documentation/public-api/#getting-ip-reports
https://www.passivetotal.org/
https://dnsdumpster.com/
https://github.com/michenriksen/aquatone
地区ip
中国ip http://www.ipdeny.com/ipblocks/data/countries/cn.zone
网站证书查看
http://web.chacuo.net/netsslcheck
域名历史
http://toolbar.netcraft.com/site_report?url=5alt.me
https://www.benmi.com/whoishistory/
其他
https://x.threatbook.cn/
https://censys.io/data
数据
https://scans.io/study/sonar.fdns_v2
扫描器
https://github.com/lijiejie/BBScan
https://github.com/We5ter/Scanners-Box
查找cdn后原始ip
https://github.com/christophetd/CloudFlair
端口扫描
zmap 扫单一端口
sudo zmap -p 80 -o results.csv 10.0.0.0/24
massscan 扫多端口
sudo ./masscan -p1-65535 10.0.0.024 -oJ result.json
隐藏身份
https://www.noip.com/
https://github.com/fate0/proxylist/blob/master/proxy.list
127.0.0.1.xip.io
https://proxy.coderbusy.com/
https://github.com/SpiderClub/haipproxy
社工库
不打码
https://dumpedlqezarfife.onion.lu/
打码
http://163.donothackme.club/
https://haveibeenpwned.com/
注册查询
https://namechk.com/
http://www.reg007.com/
Twitter信息查询
https://tinfoleak.com/
社工库搜索
https://github.com/woanware/LogViewer
http://sary.sourceforge.net/ 10e以下数据推荐
hash
md5
http://cmd5.com/
http://www.md5.cc/
https://www.somd5.com/
http://pmd5.com/
window hash
http://www.objectif-securite.ch/ophcrack.php
密码生成
https://github.com/bit4woo/passmaker
字典 https://github.com/rootphantomer/Blasting_dictionary
https://github.com/LandGrey/pydictor
勒索软件解密
https://www.nomoreransom.org/
批量扫描
https://fofa.so/
https://www.zoomeye.org
web 指纹识别
https://github.com/Ms0x0/Dayu
https://github.com/boy-hack/w9scan
渗透辅助
https://github.com/BugScanTeam/DNSLog
在线运行
php https://3v4l.org/
数据库连接
https://www.adminer.org
java 反序列化问题
https://github.com/mbechler/marshalsec
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
https://github.com/federicodotta/Java-Deserialization-Scanner
web 学习
https://github.com/CHYbeta/Web-Security-Learning
静态代码分析
java http://find-sec-bugs.github.io/
ruby https://github.com/thesp0nge/dawnscanner
https://github.com/nccgroup/VCG
php 代码加密解密
PHP代码修复工具(针对乱码类、混淆类文件修复) http://zhaoyuanma.com/phpcodefix.html
前端库安全
https://retirejs.github.io/retire.js/
github 搜索
https://github.com/5alt/GitLeak
https://github.com/zricethezav/gitleaks
unicode 同形字
http://www.unicode.org/Public/security/latest/confusablesSummary.txt
反编译 flash
https://www.free-decompiler.com/flash/
git/svn 泄露
https://github.com/anantshri/svn-extractor
https://github.com/BugScanTeam/GitHack
漏洞环境
https://github.com/Medicean/VulApps
https://github.com/vulhub/vulhub
CSP 解析
https://csp-evaluator.withgoogle.com/
xss
https://github.com/masatokinugawa/filterbypass/wiki/Browser’s-XSS-Filter-Bypass-Cheat-Sheet
uxss
https://github.com/Metnew/uxss-db
js 混淆
https://github.com/javascript-obfuscator/javascript-obfuscator
https://javascriptobfuscator.herokuapp.com/
https://github.com/mishoo/UglifyJS2
https://prepack.io/getting-started.html
js 反混淆
https://mindedsecurity.github.io/jstillery/
https://github.com/mindedsecurity/JStillery
poc
https://github.com/CHYbeta/cmsPoc
https://github.com/Lucifer1993/AngelSword
burpunlimited
https://sourceforge.net/projects/burpunlimited/?source=directory
https://github.com/bit4woo/u2c
其他
营业执照 http://zz.iis1.cn/
身份证生成 http://id.100xiao.com/
210
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
